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DESCRIPTION 

ASSERTION GENERATING SYSTEM, PROGRAM THEREOF, CIRCUIT 
VERIFYING SYSTEM, AND ASSERTION GENERATING METHOD 

5 

TECHNICAL FIELD 

The present invention relates to a technology 
that executes circuit verification of an LSI (large scale 
integration) and so on using a process based on a computer 

10 program, and a verifying technology for verifying so that 
design violation and missing verification do not exist in 
design data by converting a property of a circuit to be 
verified into an assertion description and inputting the 
assertion description to a simulator when the design data 

15 of a circuit in a RTL (register transfer level) are 

dynamically verified by the simulator; and in particular, 
an assertion generating system, a program thereof, a 
circuit verifying system, and an assertion generating 
method, in which the above technology is used. 

20 The property to be discussed below is plain text 

that defines operations intended and expected in design 
data to be verified. For example, the property defines a 
relation between reception and response of a request signal 
and an approval signal in an arbiter circuit on time series 

25 constraint, and defines a regular state of the time series 
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constraint and circuit specifications to be forbidden. In 
addition, the property is an event to be monitored as a 
function coverage point which confirms whether a specific 
circuit sequence has been tested by a simulation. Property 
5 verification verifies whether a design description 
satisfies a predetermined property. 

BACKGROUND ART 

Recently, a system has been revised or a revised 

10 edition of a system has been published frequently, caused 
by missing verification of a corner case due to the 
complexity of a circuit and an increase of circuit size of 
a semiconductor integrated circuit, by missing confirmation 
of interface specifications among blocks allocated to 

15 plural designers due to group work, or by specification 
errors of a reusable core purchased from a third party. 

These problems come from, for example, 
insufficient circuit verification or a test scenario that 
can extract bugs, which were not able to be formed because 

20 a corner case and core specifications of the third party 
were not understood sufficiently. 

In order to solve these problems, an assertion 
verification technology, in which a property with respect 
to circuit specifications is converted into an assertion 

25 description and the assertion description is input to a 
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simulator (computer) for verif icatiorir and a function 
coverage report for showing a warning for assertion 
violation during the simulation and showing whether a 
specific circuit sequence has been tested by a simulator is 
5 given, has been proposed and has been recently put into use 
in actual designing. 

An assertion is a note in which intention (in 
some cases, this shows property) of designing is written 
and is generally written by a comment sentence in a RTL. 

10 The intention is interpreted by a simulator during the 

verification, for example, an error log is generated in a 
case where a circuit to be verified operates differently 
from the intention. The intention of designing is, for 
example, an assiomption and a precondition of circuit input, 

15 and in addition to these, expected operations when the 
conditions are satisfied. 

The simulator checks the following two matters. 
(1) Specific events such as an assumption and a 
precondition have occurred. 

20 (2) Expected operations at that time complete 

normally. 

From the above check (1) , the assertion gives 
feedback of determining information as to whether a 
specific circuit function is confirmed by verification. 
25 Therefore, when the assertion is comprehensively installed 



- 4 - 

in a circuit to be verified, function coverage of the 
assertion can be obtained; consequently, its verification 
accuracy can be obtained quantitatively. 

From the above check (2), the feedback to a 
5 verification debugging can be obtained by the assertion. 
For example, an assertion installed in a position, from 
which an influence caused by a circuit malfunction cannot 
be observed by external terminals, complements a 
malfunction state. In addition, when conditions such as an 

10 assumption and a precondition are satisfied in any stimulus, 
this expected operation is checked at any time. Therefore, 
for example, even when the stimulus is structured by a 
random system, self-collation with the expected operation, 
that is, comparison of expected values, can be executed. 

15 In addition, an assertion installed in a lower block is 
also effective in chip level verification. 

The intention of designing may be described by a 
Verilog-HDL for verification being different from a RTL for 
logic synthesis; however, here, another assertion language 

20 is described. 

At present, the most popular assertion language 
is a PSL (property specification language) described in 
Non-Patent Document 1. The PSL is an assertion language 
which will be given to IEEE from a standardization 

25 organization named Accellera, and is actually a standard 
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language. In the following^ an actual example of an 
assertion description using the PSL is shown. 

For example r it is assumed that the following 
design intention (property) for memory control is desired 
5 to monitored by verification. 

1) read_n and write_n do not become Low at the same time 

2) at the fall (negative) of write_n, enable_n is High 

3) at the fall of readjn, enable_n is Low 

The PSL description (assertion description) to be 
10 given to a simulator as an assertion for the intention is 
as follows. 

// psl property memcontl = never (!write_n && !read_n) 
@ (posedge elk) ; 
// psl assert memcontl ; 
15 // psl property memcont2 = always (enable_n) @ (negedge 
write_n) ; 

// psl assert memcont2 ; 

// psl property memcontS = always (!enable_n) @ (negedge 
read_n) ; 

20 // psl assert memcontS ; 

All of ^'psl, property^ never^ assert, always" in 
the above PSL description (assertion description) are 
reserved words in the PSL. All rows start with 'V/" which 
shows a comment of the Verilog-HDL. In this, instead of 

25 using 'V/"r all of the PSL descriptions can be closed with 



The words ^^memcontl, 2 , 3, !write_n && !read_n, 
posedge elk, enable_n, negedge write_n, !enable_n, negedge 
read_n'' are descriptions by a user definition, and actual 
installed data names, that is, memory control signal names 
which appear in the RTL for defining the intention of 1) 
through 3) except for '^memcontl, 2, 3'' . 

In addition, ^^memcontl though 3" are assertion 
names and are used for knowing an error log and a function 
coverage being given from the simulator as feedback. 

The assertion description by the PSL has the 
following structural elements. 
// psl property <an assertion name> = 

<an event to be monitored> -> <expected operation 
when a condition is satisfied> @<a strobe condition> ; 
// psl assert <an assertion name> ; 

For example, in the assertion description of 1), 
""memcontl" is an assertion name, ^^!write_n && ! read_n" is 
an event to be monitored, in this case, '"never" is added in 
front of the event; therefore, it is monitored that the 
condition (event) in ( ) never becomes true. If ""always" 
is added, it is monitored that the condition in ( ) is true. 
In addition, by ""@ (posedge elk)" which follows the above 
statement, it is defined that monitoring the condition is 
executed at every time of rising edges (positive edges) . 
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^^->'' changes to ^^|=>" or ^^|->" depending on the time when 
the expected operation is started. In this, the above 
example does not accompany expected operations . 

The part in ( ) except the strobe condition is 
5 described by the Verilog-HDL which returns Boolean values. 
The part in ( ) of the strobe condition has a description 
form of a sensitivity list described by an ^^always 
sentence" of the Verilog-HDL. 

In the PSL, an event to be monitored can be 
10 defined, and each part of expected operations at the time 

when the condition is satisfied can define a sequence, that 
is, the changes of events and expected operations in plural 
cycles can be defined. An example is explained. 

The intention of designing: When a clear start 
15 condition (m_task == 2' bOO) is satisfied in a clearing 

process of a memory, in order to initialize all words (255 
words), a writing operation is repeated 256 times. Here, 
one writing operation is completed by the operation of 
Low-^High-^High of write_n synchronized with a rise cycle 
20 - (positive cycle) of elk. 

The PSL description: 
// psl sequence WRITE_PULSE = { !write_n; write_n; 
write_n } ; 

//psl property CLEAR_MEM_WRITE_N = 
25 // always { m_task 2' bOO } I => { WRITE^PULSE [*256] } 
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// @ (posedge elk) ; 

// psl assert CLEAR_MEM_WRITE_N; 

sequence'' defines a Low->High-*High sequence of 
^Vrite_n" by a macro-definition. 
5 Here, it is the part of expected operations which 

follows 'M=>" that is to be focused on. When ^^in_task == 
2' boo", the expected operation is WRITE_PULSE, that is, it 
is expected that the" sequence of Low-^High-^High being three 
cycles of write_n be repeated by 256 times. 

10 However, in such an assertion verifying 

technology, for example, in a case where the assertion 
description language is written by a manual input when the 
specifications are defined, there is a possibility that a 
mistake may be made in the assertion itself. As a result, 

15 a report of the warning of the assertion violation and the 
function coverage obtained by the assertion verification 
cannot be fed back to prevent the system revision and the 
revised edition of the system. Further, this requires a 
verification period fo.r debugging the assertion description 

20 language. Consequently, the verification efficiency 
becomes worse. 

In other words, the major premise of the 
assertion verifying technology is that the circuit 
specifications and the assertion description match each 

25 other; however, there is no method to confirm the matching 
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before executing the simulation. Further, with respect to 
a complex finite state machine, it is difficult to describe 
a sequence of a comprehensive state transition by manual 
operation. 

5 As conventional technologies with respect to the 

assertion verification, for example, there are technologies 
disclosed in Patent Document 1 and Patent Document 2. 

In Patent Document 1, a technology, in which a 
state transition machine is modeled by a graph and a state 

10 transition path that satisfies the assertion is searched, 
is disclosed. Further, a technology to confirm the 
rightness of the assertion by only an analysis of this 
graph is disclosed. By the technologies, matching the 
circuit specifications with the assertion description can 

15 be confirmed. 

However, in these technologies, with respect to 
the state transition machine which is made to be a graph, a 
model of the state transition machine which becomes a basic 
model is formed manually, or the state transition machine 

20 is extracted from design data formed by a description 

language of a RTL. Consequently, mixing a mistake in an 
object to be matched, that is, in the model of the state 
transition machine which should be the circuit 
specifications, cannot be avoided. 

25 In addition, in Patent Document 2, a technology. 
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which generates an assertion for verifying a circuit by 
extracting a data transfer structure from design data of a 
RTL and expanding the data transfer structure into a 
graphic structure, is disclosed. However, in this 
5 technology, since the assertion which is the circuit 

specifications is extracted from the design data, matching 
the circuit specifications with the assertion description 
cannot be assured. 

t Patent Document 1] Japanese Laid-Open Patent 
10 Application No. 2000-181933 

[ Patent Document 2] Japanese Laid-Open Patent 
Application No. 2000-142918 

[ Non-Patent Document 1] Property Specification 
Language Reference Manual Version 1.1 June 9, 2004, online, 
15 retrieved in September 14, 2004, from the Internet, URL: 
http: //www.eda.org/vfv/docs/PSL-vl. l.pdf 

Consequently, in the conventional technologies, 
matching the circuit specifications with the assertion 
description cannot be assured. 

20 

DISCLOSURE OF THE INVENTION 

The object of the present invention is to solve 
the problems in the conventional technologies, for example, 
to enable high reliability and high efficiency in assertion 
25 verification for an LSI and so on. 
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In order to achieve the above object, according 
to the present invention, a property to be verified is 
automatically converted into an assertion description 
language, based on a visual state transition figure, a 
5 timing chart, and a process sequence chart used when a 
designer forms specifications of a circuit, 

According to one aspect of the present invention, 
there is provided an assertion generating system that 
generates an assertion description which is used for 

10 assertion verification of a semiconductor integrated 
circuit. The assertion generating system includes a 
specification inputting unit that generates design data or 
specifications and a dociament for confirming a 
specification of the semiconductor integrated circuit by 

15 graphically editing the specification of the semiconductor 
integrated circuit based on user operations; a first 
storing unit that stores the design data generated by the 
specification inputting unit; a property generating unit 
that generates a property which verifies the specification 

20 of the semiconductor integrated circuit by reading the 

design data generated by the specification inputting unit 
from the first storing unit and using the read design data; 
a second storing unit that stores the property generated by 
the property generating unit; and an assertion generating 

25 unit that converts the property into an assertion 
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description by reading the property generated by the 
property generating unit from the second storing unit. In 
addition, the property generated by the property generating 
unit is a selection condition with respect to a state 
5 transition, a logic value of at least one or more signals, 
or at least one or more signals in the design data. 

According to another aspect of the present 
invention, there is. provided a program that makes a 
computer function as the units of the assertion generating 
10 system. 

According to another aspect of the present 
invention, there is provided a circuit verifying system. 
The circuit verifying system includes the assertion 
generating system and executes assertion verification of a 

15 semiconductor integrated circuit by using an assertion 

description generated by the assertion generating system. 

According to another aspect of the present 
invention, there is provided an assertion generating method 
that generates an assertion description which is used for 

20 assertion verification of a semiconductor integrated 

circuit by a computer which has a program. The assertion 
generating method includes a specification inputting step 
that generates design data of the semiconductor integrated 
circuit by graphically editing a specification of the 

25 semiconductor integrated circuit based on user operations 
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and inputs the design data in storage; a property 
generating step that reads the design data generated at the 
specification inputting step from the storage and generates 
a property which verifies the specification of the 
5 semiconductor integrated circuit using the read design data 
and inputs the property in the storage; and an assertion 
generating step that reads the property generated at the 
property generating step from the storage and converts the 
property into an assertion description. In addition, the 
10 property generated by the property generating step is a 

selection condition with respect to a state transition, a 
logic value of at least one or more signals, or at least 
one or more signals in the design data. 

According to the present invention, since the 
15 assertion description of a property to be verified is 

automatically generated from electronic data of the state 
transition figure which is attached to the specifications, 
matching the circuit specification with the assertion is 
established. Therefore, work to be used for debugging the 
20 assertion can be reduced. In addition, since the generated 
assertion is a function coverage point generated by 
comprehensive search of paths of the state transition, 
after the verification, feedback that a path has not been 
tested can be obtained by a function coverage report; 
25 consequently, missing a test of a corner case can be 
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prevented. In addition, since the assertion description of 
a property to be verified is automatically generated from 
electronic data of a selection condition of timing charts 
and signals which are attached to the specifications, or 
5 electronic data of figures or a table form in which a 

process sequence is noted or defined, matching the circuit 
specification with the assertion is established. Therefore, 
work to be used for debugging the assertion can be reduced. 
In many cases, the selection condition of timing charts and 

10 signals which are attached to the specifications or the 
process sequence is an important assertion to be surely 
tested at the time of verification; however,, since the 
assertion generated in the embodiment is an important 
property, a designer who does not know the specifications 

15 and the circuit functions sufficiently can execute 

verification by using the property. As a result, the 
number of times of revising the system caused by missing 
verification can be reduced. 

These and other objects, features, and advantages 

20 of the present invention will become more apparent from the 
following detailed description of preferred embodiments 
given with reference to the accompanying drawings. 

BRIEF DESCRIPTION OF THE DRAWINGS 
25 FIG- 1 is a block diagram showing a structural 
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example of hardware of which an assertion generating system 
and a circuit verifying system according to the present 
invention consist ; 

FIG. 2 is a block diagram showing a first 
5 functional structure example of the assertion generating 

system and the circuit verifying system using the assertion 
generating system according to the present invention; 

FIG. 3 is a diagram showing a memory content 
example of a graphic structure using in the assertion 
10 generating system according to the present invention; 

FIG. 4 is a. diagram showing a state transition 
figure and a graphic structure using in the assertion 
generating system according to the present invention; 

FIG. 5 is a block diagram showing a second 
15 functional structure example of the assertion generating 
system according to the present invention; 

FIG. 6 is a block diagram showing a third 
functional structure example of the assertion generating 
system according to the present invention; 
20 FIG. 7 is a diagram showing a timing chart 

example used in the assertion generating system according 
to the present invention; 

FIG. 8 is a diagram showing a structural body 
example for storing information with respect to signals 
25 defined on the timing chart and information with respect to 
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timing constraints for the signals using in the assertion 
generating system according to the present invention; 

FIG. 9 is a diagram showing a memory content 
example of property information with respect to the timing 
5 chart shown in FIG, 7; 

FIG. 10 is a block diagram showing a fourth 
functional structure example of the assertion generating 
system according to the present invention; 

FIG. 11 is a diagram showing a structural example 
10 of a logic table of a full adder used in the assertion 
generating system according to the present invention; 

FIG. 12 is a diagram showing a structural body 
example of one cell when the cell is expanded in a table in 
a memory; 

15 FIG. 13 is a diagram showing a memory structural 

example of a sheet in which cell structural bodies shown in 
FIG. 12 are combined; 

FIG. 14 is a diagram showing an example when the 
logic table of the full adder shown in FIG. 11 is expanded 
20 in the memory structural example shown in FIG. 13; and 

FIG. 15 is a diagram showing a structural example 
of a process sequence in a table form used in the assertion 
generating system according to the present invention. 

2 5 BEST MODE FOR CARRYING OUT THE INVENTION 
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Next, referring to the drawings, embodiments of 
the present invention are explained in detail. 

FIG. 1 is a block diagram showing a structural 
example of hardware of which an assertion generating system 
and a circuit verifying system according to the present 
invention consist. FIG. 2 is a block diagram showing a 
first functional structure example of the assertion 
generating system and the circuit verifying system using 
the assertion generating system according to the present 
invention. FIG. 3 is a diagram showing a memory content 
example of a graphic structure using in the assertion 
generating system according to the present invention. FIG. 
4 is a diagram showing a state transition figure and a 
graphic structure using in the assertion generating system 
according to the present invention. FIG. 5 is a block 
diagram showing a second functional structure example of 
the assertion generating system according to the present 
invention. FIG. 6 is a block diagram showing a third 
functional structure example of the assertion generating 
system according to the present invention. FIG. 7 is a 
diagram showing a timing chart example used in the 
assertion generating system according to the present 
invention. FIG. 8 is a diagram showing a structural body 
example for storing information with respect to signals 
defined on the timing chart and information with respect to 
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timing constraints for the signals using in the assertion 
generating system according to the present invention. FIG. 
9 is a diagram showing a memory content example of property 
information with respect to the timing chart shown in FIG. 

5 7-. FIG. 10 is a block diagram showing a fourth functional 
structure example of the assertion generating system 
according to the present invention. FIG. 11 is a diagram 
showing a structural example of a logic table of a full 
adder used in the assertion generating system according to 

10 the present invention. FIG. 12 is a diagram showing a 
structural body example of one cell when the cell is 
expanded in a table in a memory. FIG. 13 is a diagram 
showing a memory structural example of a sheet in which 
cell structural bodies shown in FIG. 12 are combined. FIG. 

15 14 is a diagram showing an example when the logic table of 
the full adder shown in FIG. 11 is expanded in the memory 
structural example shown in FIG. 13. FIG. 15 is a diagram 
showing a structural example of a process sequence in a 
table form used in the assertion generating system 

20 according to the present invention. 

In FIG. Ir the reference number 101 is storage 
composed of a memory^ a hard disk, and so on; the reference 
number 102 is a CPU (central processing unit) ; the 
reference number 103 is an input unit composed of a 

25 keyboard, a mouse, and so on; the reference number 104 is a 
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display unit composed of a CRT (cathode ray tube), a LCD 
(liquid crystal display) and so on; the reference number 
105 is a system bus, and a computer system is composed of 
the units 101 through ICIS in which the units 101 through 
5 104 are connected by the system bus 105. 

The storage 101 stores functional descriptions of 
hardware not depending on architecture, and functions and 
means according to the present invention in feasible • 
program formats which are read from recording media, from 

10 which a computer can read the programs, such as a CR-ROM 
(compact disc-read only memory) , a DVD (digital video 
disc/digital versatile disc), and a FD (flexible disk). 
The CPU 102 executes the programs being stored in the 
storage 101, and executes processes of functions of the 

15 assertion generating system having the structure shown in 
FIG. 2. 

A user interactively inputs commands to execute 
the programs that realize inputting and editing of the 
functional descriptions of hardware not depending on 

20 architecture and means of the present invention by using 
the input unit 103. The display unit 104 displays the 
functional descriptions of hardware not depending on 
architecture, and the progress and the results of the 
programs, which realize the means of the present invention, 

25 executed by the CPU 102. 
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FIG. 2 shows a basic structure of an assertion 
generating system 207 and a circuit verifying system using 
the assertion generating system 207 according to the 
present invention. First, a circuit specification to be 
5 specified in specifications is input from a graphical 
editor 201 by user operations, and the circuit 
specification input at the graphical editor 201 is stored 
in the storage 101 as specification electronic data 202. 
In this, as the graphical editor 201, a graphical editor 
10 such as a timing chart editor disclosed in, for example, 
Japanese Laid-Open Patent Application No. 1-309185 can be 
used. 

Next, a syntax analyzer 203 reads the 
specification electronic data 202 being stored in the 

15 storage 101 and analyses the syntax, and a property 

extractor 204 extracts a property to be verified from the 
results of the syntax analysis. . 

An assertion generator 205 generates an assertion 
description language 206, which can be input to a simulator 

20 or a static property checker from the property extracted 

from the property extractor 204. The assertion description 
language 20 6 generated in such a manner is stored in the 
storage 101 and is input to a simulator, and verification 
is executed. 

25 As mentioned above, according to the assertion 
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generating system of this example, when assertion 
verification, which verifies design data in which a 
property with respect to a specification of a semiconductor 
integrated circuit or a part of the specification of the 
5 semiconductor integrated circuit is described in an 

assertion description with design data of a circuit to be 
verified of the property, is executed by a simulator or a 
static verification tool, the graphical editor 201 
generates the specification electronic data 202 (design 

10 data) by editing a specification of a finite state machine 
by a visual expression on a state transition table or a 
state transition figure. The syntax analyzer 203 analyses 
the circuit specification defined at the graphical editor 
201 and the property extractor 204 extracts a property to 

15 be verified based on the design data, and the assertion 
generator 205 outputs this property in an assertion 
description. 

Here, the design data (specification electronic 
data) formed at the graphical editor 201 are expanded into 

20 a graphic structure on the storage 101, and the property 

extractor 204 can refer to the graphic structure. Further, 
as the design data (specification electronic data) formed 
at the graphical editor 201, data, in which a process 
sequence of a circuit is shown in a timing chart or a time 

25 series figure by using a business tool that can edit a 
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table input or a figure^ are included, in addition to the 
state transition- table and the state transition figure. 

FIG. 5 shows an example in which the state 
transition figure is used as the design data (specification 
electronic data) to be formed at the graphical editor 201. 
In FIG. 5, graphical information 501 that is the state 
transition figure exemplified in, for example, FIG. 4(a), 
is edited and formed by the graphical editor 201 and is 
stored in the storage 101 being a hard disk, a system 
memory, and so on. 

The graphical information 501 includes visual 
information, that is, coordinate information and so on in 
which structural elements of the state transition figure 
are disposed, and the state transition figure expressed 
visually can be attached to specifications by printing out. 

A graph search engine 502 has functions of the 
syntax analyzer 203 and the property extractor 204 shown in 
FIG. 2, and extracts a graphic structure exemplified in FIG. 
4 (b) from the state transition figure exemplified in FIG. 
4(a), and temporarily stores the graphic structure in a 
system memory. In the extracted graphic structure, the 
structural elements of the state transition figure are 
formed as nodes, and the graph search engine 502 searches 
state transition paths. For example, the graph search 
engine 502 searches all state transition paths from an 
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initial state of the state transition machine, extracts the 
paths, and stores them in the storage 101 as a path 
database 503. 

A property converter 504 converts the state 
5 transition paths extracted by the graph search engine 502 
into an assertion description language 505 by referring to 
the path database 503. The assertion description language 
505 converted at the property converter 504 is described, 
for example, as a function coverage point for confirming 

10 whether the assertion description language 505 has been 
tested at a simulator. 

An example of the memory content of the graphic 
structure to be used at the graph search engine 502 is 
shown in FIG. 3. In FIG. 3, the reference number 301 is a 

15 structural body that stores information of each state in 
the state transition figure, and the reference number 302 
is a- structural body that stores information of arcs in the 
state transition figure. These structural bodies 301 and 
302 mutually execute a pointer reference and form a graph 

20 in which the respective pointers are made to be nodes. 

In FIG. 4, FIG. 4(a) shows an example of a state 
transition figure, and FIG. 4(b) shows a graphic structure 
formed from the state transition figure. The graph search 
engine 502 shown in FIG. 5 searches the state transition 

25 paths from the state transition figure shown in FIG. 4 (a) 
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by using a path search in graph logiC/ for example^ an 
algorithm of a shortest path search. As a result, the 
graphic structure shown in FIG. 4 (b) is formed and the 
graphic structure is stored in the path database 503. 
5 Next, an example of a state transition path to be 

stored in the path database 503 shown in FIG. 5 is shown by 
using the example shown in FIG. 4. 
init ; 
(GO) SI ; 
10 init ; 

In this example, a path from ^'inif to ^'Sl" is 
searched, and when ^'GO'' is true, that is, is ^^1'', the state 
transition path is formed. 

In addition, an assertion description by PSL, 
15 which is generated by the property converter 504 in FIG. 5 
(the assertion generator 205 in FIG. 2) from this state 
transition path, is shown as follows. 

property init_to_Sl = always { state == init & GO} |=> 
{ state == SI} ; 

20 In case of a state transition machine, it is 

necessary that all states are visited in verification, in 
order to quantify the verification accuracy of important 
functions being Iceys of circuit functions. Whether each 
state of the state transition machine is visited can be 

25 determined by confirming the function coverage of state 



verification by cover syntax of PSL. In case of the 

example shown in FIG. 4, it is enough that only state names 

stored in nodes of a graph are made to be a list by a cover 

description of PSL. 

In the following^ the result is shown. In this, 
state'' is a state register name for holding the state at 

the time when a state transition machine is installed. 

// psl cover ( state === init) ; 
// psl cover ( state == SI) ; 

Here, in a case where the graphical information 
501 shown in FIG. 5 has information of a graphic structure 

with the coordinate information, as shown in FIG. 3 and FIG. 
4 (a) , the graph search engine 502 directly refers to the 
graphic structure in the graphical information 501. 

Next, referring to FIG. 6, another embodiment of 
the present invention is explained. In the embodiment 
shown in FIG. 6, timing chart information to be attached to 
specifications is extracted from timing chart electronic 
data 601, and the interrelation with respect to timing of a 
signal group to be verified is made to be an assertion 
description. 

In FIG. 6, the reference niomber 602 is a timing 
chart reader that reads the timing chart electronic data 
601, the reference number 603 is a timing property 
extractor that extracts an interrelation with respect to 



timing of a signal group to be verified (timing chart 
information) and stores the interrelation in a timing chart 
database 604, and the reference number 605 is a property 
converter that reads the timing chart information from the 
timing chart database 604 and generates an assertion 
description language 606 that can be input to a simulator 
or a static property checker. 

In this, the timing chart electronic data 601 can 
be data formed and edited by a timing chart editor (not 
shown) , in this case, the timing chart reader 602 becomes a 
syntax analyzer for timing chart information formed and 
edited by the timing chart editor. 

The memory content used by the timing property 
extractor 603 is shown in FIG. 8. In FIG. 8, the reference 
number 801 is a structural body that stores information 
with respect to signals defined on the timing chart, and 
the reference number 802 is a structural body that stores 
information with respect to timing constraint for the 
signals. 

An example of the timing chart that is read by 
the timing chart reader 602 is shown in FIG. 7. In the 
example shown in FIG. 7, ^^ack" rises (becomes positive) 
during 2 to 5 cycles from the rise (positive) of ""req" 
synchronized with '"elk". 

In the example shown in FIG. 7, the timing 



constraint (property) , in which the positive of ^^ack" must 
be received in the range of 2 to 5 of ^"clk" after the 
output signal of ^^req" becomes 1, is described. 

The timing property extractor 603 shown in FIG. 6 
extracts the timing information (property) to be verified 
by using signal attributes such as IN, OUT, and CK, and 
^"pos" that means a rising condition, and interrelation with 
respect to timing of a signal group such as ^^<-".and ^^->" 
as keywords. 

The timing chart information shown in FIG. 7 
formed and edited by the not-shown timing chart editor is 
stored in hardware by being edited in, for example, the 
following list. In the following list, 1 through 3 rows 
show pins and input /output attributes, for example, a clock 
input, and 4 through 7 rows show waveform information. In 
the sixth row, a property, in which "'ack" rises (becomes 
positive) during 2 to 5 cycles from the rise (positive) of 
"'req'' synchronized with ^^clk'', is shown. 

1 CK elk; 

2 IN ack; 

3 OUT req; 

4 { elk, req, ack} = { 1, 0,0} ; 

5 { elk, req, ack} = { 1,1,0} ; 

6 { elk, req, ack} = { 1, 0, 0} [ 2 : 5] ; 

7 { elk, req, ack} = { 1,0,1} ; 
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A memory content example of property information 
with respect timing expanded by this timing. chart 
information is shown in FIG. 9. 

Next, an example, in which a business tool 
capable of inputting a table and editing a figure is used 
for editing a logic table and a time series property of the 
above circuit, is explained. 

FIG. 11 is a structural example in which a logic 
table of a full adder is input by Excel (a registered 
trademark) being spread sheet software of Microsoft Corp. 
NAME, CLOCK, CONDITION, and EXPECT shown in a bold type are 
reserved words when a table definition is executed, and 
show a property name, a clock name, a start condition of an 
assertion check, and expected operations when the assertion 
check is started, respectively. 

In the next row of CONDITION and EXPECT, signal 
names are described, and under the names, logic values are 
entered. According to Excel, a sheet is composed of cells, 
a cell is a basic unit of a table, and the sheet can be 
output as an ASCII file by separating cells with 

In the case of FIG. 7, the signal name, the 1/2 
pulse of clock, and so on are managed by cell, and after 
expanding in a memory, the cell structure is scanned and 
the memory content shown in FIG. 9 is obtained. 

FIG. 12 is a structural body for expressing one 
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cell when a cell of Excel is expanded in a memory. Members 
of top, bottom, left, and right in this structural body 
respectively execute a pointer reference to up and down and 
left and right. 

5 FIG. 13 is a diagram showing a structural example 

of a sheet in which structural bodies of the cells shown in 
FIG. 12 are combined. The reference number 1301 is a 
pointer showing a sheet, and is composed of '^next" being a 
pointer reference of the next sheet and a member that 

10 executes a pointer reference for a header of a cell. The 
reference number 1302 is a pointer of a cell, and executes 
a pointer reference for up and down and left and right by 
using the members of top, bottom, left, and right. By the 
above method, scanning cells on the sheet can be easily 

15 executed, and the retrieval by the keywords such as NAME, 
CLOCK, CONDITION, and EXPECT and the interpretation of the 
logic table can be executed. 

FIG. 14 shows a content example when the logic 
table of the full adder shown in FIG. 11 is expanded in the 

20 memory structure shown in FIG. 13. 

In the following, a PSL description, which 
generates an assertion description from the logic table of 
the full adder shown in FIG- 11, is shown. In this, the 
table and the verification data (that is, assertion) can be 

25 easily linked. by adding the row number of the table to the 
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structure of the assertion name. For example^ on the first 

row^ FADD_S_0 FADD_csv_line_5 is the assertion name^ and 

line_5 corresponds to the row number of the table. 

psl property FADD_S_0 FADD_csv_line_5 = always { !A & !B 

5 & !CI} |-> { S === V bO} ; 

psl property FADD CO 0 FADD csv line 5 = always { !A & !B 
& !CI} |-> { CO === V bO} ; 

psl property FADD_S_1 FADD_csv_line_6 = always { !A & IB 

& !CI} |-> { S ==- 1' bl} ; 

10 psl property FADD_C0_1 FADD_csv_line_6 = always { !A & !B 

& !CI} |-> { CO === r bO} ; 

psl property FADD_S_2 FADD_csv_line_7 = always { !A & !B 

Se !CI} l-> { S === r bl} ; 

psl property FADD_C0_2 FADD_csv_line_7 = always { !A & !B 

15 & !CI} |-> {CO ===== 1' bO} ; 

psl property FADD_S_3 FADD_csv_line_8 = always { !A & !B 

& !CI} |-> { S === V bO} ; 

psl property FADD_C0_3 FADD_csv_line_8 = always { !A & !B 

& !CI} |-> { CO === 1' bl} ; 

20 psl property FADD_S_4 FADD_csv_line_9 = always { !A & !B 

& !CI} |"> { S === V hi] ; 

psl property FADD_C0_4 FADD_csv_line_9 = always { !A & !B 

& !CI} |-> { CO === y bO} ; 

psl property FADD_S_5 FADD_csv_line_10 = always { !A & !B 

25 & !CI} |-> { S === 1' bO} ; 
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psl property FADD_C0_5 FADD_csv_line_10 = always { !A & !B 

& !CI} |-> { CO === V bl} ; 

psl property FADD S 6 FADD csv line 11 = always { !A & !B 
& !CI} |-> { S === V bO} ; 
5 psl property FADD CO 6 FADD csv line 11 = always { !A & !B 
& !CI} |"> {CO === 1' bl} ; 

psl property FADD S 7 FADD csv line 12 = always { !A & !B 
& !CI} |-> { S === r bl} ; 

psl property FADD_C0_7 FADD_csv_line_12 = always { !A & !B 

10 & !CI} |-> {CO === rbl}; 

In FIG. 10, another embodiment of the present 
invention is explained. In this embodiment, a sequence to 
be attached to specifications is stored as table data 1001, 
a syntax analyzer 1002 expands a sequence which is defined 

15 in a table form on a system memory, a sequence extractor 
1003 extracts a process sequence to be verified, and a 
property converter 1004 converts the sequence into an 
assertion description 1005- 

An example of a process sequence to be verified 

20 is shown in FIG. 15. This example shows a property equal 
to that shown in FIG. 7. This example is also formed by 
Excel. The syntax analyzer 1002 and the sequence extractor 
1003 resolves a sequence described in cells into time 
series, and the property converter 1004 generates an 

25 assertion description by using a SERE expanded regular 
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expression of PSL. 

In the resolution of the sequence into time 
series, in a character string is interpreted as 

behavior during one clock cycle. In FIG. 15, ^'0[*2:5]" 
5 uses a repetition expression of PSL, and means that a LOW 
period continues during 2 to 5 cycles. Further, since 
^^0[ * 2 : 5] ; 1; 0" is described, ^'ack'' shows behavior that a 
Low period continues during 2 to 5 cycles and after this 
High and Low follow. 
10 In the following, an assertion description of PSL 

generated based on FIG. 15 is shown. 

psl property reqack_ack_0 ^REQ_csv_line_5 = always { (rose)} 

I -> { { ack === r bO} [ *2: 5] ;{ ack ==- 1' bl} ;{ ack === 1' bO} ; 

Programs for which the CPU 102 shown in FIG. 1 
.15 executes process flows shown in FIGS. 5, 6, and 10 are 

recorded in a magnetic medium and so on in a feasible form 
and stored in the storage 101. 

As explained by using FIGs. 1 through 15, the 
assertion generating system 207 according to the embodiment 
20 generates an assertion description that is used for 
assertion verification of a semiconductor integrated 
circuit. The graphical editor 201 (specification inputting 
unit) generates design data of the semiconductor integrated 
circuit by graphically editing a specification (finite 
25 state machine, process sequence) of the semiconductor 
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integrated circuit into a state transition table and a 
state transition figure or a timing chart and a time series 
figure based on user operations^ forms the specification 
electronic data 202 by expanding the design data to a 
5 graphic structure, and causes the storage 101 to store the 
data. In addition, the syntax analyzer 203 and the 
property extractor 204 (property generating unit) read the 
specification electronic data 202 (design data) from the 
storage 101 and generate a property that verifies the 
10 specification of the semiconductor integrated circuit based 
on the design data. Further, the assertion generator 205 
(assertion generating unit) converts the property into the 
assertion description language 206. 

In this, in the graphical editor 201 
15 (specification inputting unit), the design data of the 
semiconductor integrated circuit can be generated by 
editing the specification of the semiconductor integrated 
circuit with the use of a logic table or a state table 
based on user operations. The assertion generator 205 
20 converts the property into an assertion description; in 

which an assertion name composed of a table name or a table 
row nvimber of the logic table or the state table edited at 
the graphical editor 201 (specification inputting unit), or 
an assertion name composed of a signal name or a state name 
25 in the logic table or the state table is added. 
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The circuit verification system according to the 
embodiment provides the assertion generating system 207 and 
executes assertion verification of the semiconductor 
integrated circuit by using the assertion description 
5 generated by the assertion generating system 207. 

As mentioned above^ according to the embodiments, 
since the assertion description of a property to be 
verified is automatically generated from electronic data of 
the state transition figure which is attached to the 

10 specif ications, matching the circuit specification with the 
assertion is established. Therefore, work to be used for 
debugging the assertion can be reduced. In addition, since 
the generated assertion is a function coverage point 
generated by comprehensive search of paths of the state 

15 transition, after the verification, feedback that a path 

has not been tested can be obtained by a function coverage 
report; consequently, missing a test of a corner case can 
be prevented. 

In addition, since the assertion description of a 

20 property to be verified is automatically generated from 

electronic data of a selection condition of timing charts 
and signals which are attached to the specifications, or 
electronic data of figures or a table form in which a 
process sequence is noted or defined, matching the circuit 

25- specification with the assertion is established. Therefore, 
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work to be used for debugging the assertion can be reduced. 
In many cases, the selection condition of timing charts and 
signals which are attached to the specifications or the 
process sequence is an important assertion to be surely 
tested at the time of verification;- however, since the 
assertion generated in the embodiment is an important 
property, a designer who does not know the specifications 
and the circuit functions sufficiently can execute 
verification by using the property; as a result, the number 
of times of revising the system caused by missing the 
verification can be reduced. 

While the present invention is described above 
with reference to specific embodiments shown in FIGs. 1 
through 15, it should be apparent that the invention is not 
limited to these embodiments, but numerous modifications 
could be made thereto by those skilled in the art without 
departing from the basic concept and scope of the invention. 
For example, in the embodiments, programs which realize the 
property extractor 204, the assertion generator 205, and so 
on are stored in the storage 101 by using recording media 
such as a CD-ROM, a DVD, and a FD; however, the programs 
can be stored in the storage 101 by down loading via a 
network using a communication apparatus. 

Further, in the embodiments, the assertion 
description is executed by using PSL, but can be executed 



by using other languages. 

This patent application is based on Japanese 
Priority Patent Application No. 2004-286042 filed on 
September 30^ 2004. 



